Security
Security
I have just recieved an email to my home email address, apparently inviting me to buy chinese food. I say apparently because apart from the pictures, it is entirely in chinese.
However, it is addressed, in english, to oxenos, followed by my email address.
I was under the impression that there should be nothing to link my Pprune "tag" to my email address, so is there a problem with Pprune's security?
However, it is addressed, in english, to oxenos, followed by my email address.
I was under the impression that there should be nothing to link my Pprune "tag" to my email address, so is there a problem with Pprune's security?
It's probably...
.....a follow up about that dodgy watch you bought in Changi village. "Millie wel' know' fo' long memry, lah" I'd watch my six if I were you.
The Ancient Mariner
The Ancient Mariner
Nah...
....I bought mine from Sheikh Robbie in Sharjah. Three months bartering it took and I beat our FE to it by half an hour. Talk about p88sed off. (Does this constitute thread drift, for which I apologise?)
The Ancient Mariner
The Ancient Mariner
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes
on
0 Posts
How secure is your password ? (might also be a good time to change both your prune and email passwords)
To quote Donald Rumsfeld....
i.e. the moderators/sysadmins will only know about the exploits they know about based on the software used, or based on what they are looking for (or penetration testing for). Stuff they're not looking for, or don't know about (e.g. zero day attacks) will simply fly under the radar.
Only they or the sysadmins will know whether hacking the forum is possible
There are known knowns; there are things we know we know.
We also know there are known unknowns; that is to say we know there are some things we do not know.
But there are also unknown unknowns – there are things we do not know we don't know.
We also know there are known unknowns; that is to say we know there are some things we do not know.
But there are also unknown unknowns – there are things we do not know we don't know.
i.e. the moderators/sysadmins will only know about the exploits they know about based on the software used, or based on what they are looking for (or penetration testing for). Stuff they're not looking for, or don't know about (e.g. zero day attacks) will simply fly under the radar.
Spoon PPRuNerist & Mad Inistrator
Do you mean that the message was addressed to:
[email protected], or to your personal email address with "Dear Oxenos" or similar in the body of the email?
I have not seen any reports that the PPRuNe servers have been hacked.
Nor have I seen any other reports from anyone else that their registration / personal (non-PPRUNE) email address has been compromised.
This is not to say that it hasn't occurred, just that I haven't heard about it!
SD
[email protected], or to your personal email address with "Dear Oxenos" or similar in the body of the email?
I have not seen any reports that the PPRuNe servers have been hacked.
Nor have I seen any other reports from anyone else that their registration / personal (non-PPRUNE) email address has been compromised.
This is not to say that it hasn't occurred, just that I haven't heard about it!
SD
Join Date: Jul 2006
Location: East of LGB
Age: 69
Posts: 625
Likes: 0
Received 0 Likes
on
0 Posts
oxenos,
I sent Clee a message. Clee is an Administrator for Internet Brands. I've not seen her here on PPRuNe but she's on Airline Pilot Central all the time and both APC and PPRuNe are owned by Internet Brands. Let's see if she responds.
Cheers,
11Fan
I sent Clee a message. Clee is an Administrator for Internet Brands. I've not seen her here on PPRuNe but she's on Airline Pilot Central all the time and both APC and PPRuNe are owned by Internet Brands. Let's see if she responds.
Cheers,
11Fan
Join Date: Mar 2011
Location: El Segundo
Posts: 674
Likes: 0
Received 0 Likes
on
0 Posts
We've got no reports of security breaches at PPRuNe. If that happens at one of our sites, usually my inbox blows up, and the effect around here is basically a five-alarm deal.
Oxenos, have you corresponded with anyone via email in which the name "Oxenos" was used?
One possibility is that your correspondent listed you as a contact in his email address book, and that his email got hacked.
Oxenos, have you corresponded with anyone via email in which the name "Oxenos" was used?
One possibility is that your correspondent listed you as a contact in his email address book, and that his email got hacked.
Per Ardua ad Astraeus
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
The only other question at the moment is was the email address used the same as the one you are 'registered' under here or another? I suspect it is as CleeIB said in post #10 and one of your recipients has been hacked. I think if the server database has been 'hacked' we woud be flooded with these events.
If as above, little point in changing any passwords etc - just your 'friends'. I suspect no-one will have access to your email account.
If as above, little point in changing any passwords etc - just your 'friends'. I suspect no-one will have access to your email account.
Join Date: Mar 2011
Location: El Segundo
Posts: 674
Likes: 0
Received 0 Likes
on
0 Posts
No problem, 11Fan. Thanks for the heads up.
Oxenos, keep us posted. BOAC has a good question, namely, which email address got the Chinese spam message. If it's different from the one you've set in your PPRuNe profile, then the issue is not with PPRuNe.
Oxenos, keep us posted. BOAC has a good question, namely, which email address got the Chinese spam message. If it's different from the one you've set in your PPRuNe profile, then the issue is not with PPRuNe.
Join Date: Jan 2012
Location: .
Posts: 2,173
Likes: 0
Received 0 Likes
on
0 Posts
Do you have that user name and e-mail address registered with any UK military contacts? There was something in the press last week (I've lost the link) of a hack releasing details of UK MOD contacts and their e-mail addresses
Per Ardua ad Astraeus
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
To follow MM's query, then
Does anyone else know your pprune username?
Do you ever email anyone who does from the 'pprune address' using your username?
If not, then this needs looking at further.
Edit: I see you are 'active' on another site. Have you checked there?
Does anyone else know your pprune username?
Do you ever email anyone who does from the 'pprune address' using your username?
If not, then this needs looking at further.
Edit: I see you are 'active' on another site. Have you checked there?
Last edited by BOAC; 18th Jan 2012 at 21:06.
Hippopotomonstrosesquipidelian title
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes
on
0 Posts
Although some email harvesting is done by actually, well, harvesting emails, much of it is done programatically. To shorten a very long story, proven good email addresses have the highest value. At a lower level, if for some reason bloggs at testdomain1.cem is found to be valid, then bloggs is tested against all other domains in inventory. Similarly, testdomain1.cem is tested against all other names in inventory. The logic is that there are going to be many people on the planet with the same username, and a domain is likely to have many users.
oxenos isn't a rare name at all, so I'd imagine your email address was generated as a semi-random pairing using the above method. In your case, I'd guess the source user was German or Greek.
The reason that washed lists are way more valuable than unwashed lists is not that the recipients are known good, per se, it's because the emails are more likely to evade ISP-level spam filters.
oxenos isn't a rare name at all, so I'd imagine your email address was generated as a semi-random pairing using the above method. In your case, I'd guess the source user was German or Greek.
The reason that washed lists are way more valuable than unwashed lists is not that the recipients are known good, per se, it's because the emails are more likely to evade ISP-level spam filters.
Per Ardua ad Astraeus
Join Date: Mar 2000
Location: UK
Posts: 18,579
Likes: 0
Received 0 Likes
on
0 Posts
The people who know who oxenos is are unlikely to have passed on my details